pam_userpass 1.0 review

Download
by rbytes.net on

PAM has traditionally assumed that services doing authentication have the ability to interact with the user

License: GPL (GNU General Public License)
File size: 4K
Developer: Solar Designer
0 stars award from rbytes.net

PAM has traditionally assumed that services doing authentication have the ability to interact with the user. Unfortunately, this isn't true for services that implement non-interactive and/or fixed protocols, such as FTP and POP3.

This is typically worked around by making the flawed assumption that PAM_PROMPT_ECHO_ON requests the username and PAM_PROMPT_ECHO_OFF requests the password.

With pam_userpass, this assumption is no longer required. pam_userpass uses PAM binary prompts to ask the application for the username and password specifically.

pam_userpass doesn't perform any actual authentication. An actual authentication module should be stacked after pam_userpass and told to use the authentication token (password) provided by pam_userpass.

pam_userpass 1.0 keywords